REST API Testing

Published on Jan 17, 2020
By Kris / Senior Test Analyst

You must have heard people around you using the word “API” and wondered exactly what this is. Or maybe you know what an API is but you are looking for a way to verify it’s quality. This article is about APIs and how to make sure it meets your quality needs.

API explained

API is an acronym and it stands for Application Programming Interface. API is a set of routines, protocols, and tools for building Software Applications and acts as an interface between two software applications.

In basic terms, APIs allow applications to communicate with one another. It enables communication and data exchange between two separate software systems. A software system implementing an API contains functions/sub-routines which can be executed by another software system.

How An API Works

Let’s approach an API in a complete different way and assume an API as a Waiter at a Restaurant.

In a restaurant, you give an order based on the items available on the menu. A waiter in the restaurant takes your order and delivers it to the kitchen and a few moments later, once the meal is ready, the waiter picks up your food from the kitchen and serves it at your table.

In this scenario, the role of the waiter is similar to an API. As the waiter, the API takes a request from a source, takes that request to the database, fetches the requested data from the database and returns a response to the source.

API gets the request from the user and gives the response without exposing internal logic.

Note: in the image a database is displayed as the data source, as it is most likely to be one but can be any source (e.g. memory, camera … ).

What makes a REST API

Want to know the main difference between REST and API, then surely read this paragraph.

First of all, REST is a type of API, so not all APIs are REST, but all REST services are APIs.

API is a very broad term. Generally it’s how one piece of code talks to another. Can be web based or not. In web development, the API documentation will give you a list of URLs, query parameters and other information on how to make a request from the API, and inform you what sort of response will be given for each query. But no specific rules, like for REST apply.

REST is a set of rules/standards/guidelines for how to build a web API. (E.g.: GET and POST). Since there are many ways to create an API, having an agreed upon system of structuring an API saves time in making decisions when building one, and saves time in understanding how to use one. REST is short for “Representational State Transfer” and is truly a “web services” API. REST APIs are based on URL’s and the HTTP protocol, and use mostly JSON for a data format, which is super browser-compatible. Because REST API’s use HTTP, they can be used by practically any programming language and easy to test 

API Testing

API Testing is a software testing type that validates APIs as part of integration testing to check whether the API meets expectations in terms of functionality, reliability, performance, and security of an application.

It is very different from GUI (Graphical User Interface) testing and mainly concentrates on the business logic layer of the software architecture. In API Testing, you use software to send calls to the API, get output, and note down the system’s response.

This type of testing won’t concentrate on the look and feel of an application, and is completely different from GUI testing. GUI testing is to test the graphical interface part of the application. Its main focus is to test the look and feel of an application. On the other hand, API testing enables communication between two different software systems. Its main focus is in the business layer of the application.

API Testing Types

API testing typically involves the following practices but is not limited to these:

  • Unit testing: To test the functionality at the lowest testable part of the software
  • Functional testing: To test the functionality of broader scenarios
  • Load testing: To test the functionality and performance under load
  • Security testing: To ensure that the implementation of the API is secure from external threats

API Test environment

API Testing is different than other software testing types as a GUI is not available, and yet you require an environment that invokes API calls with a required set of parameters and then finally examines the test result.

I personally use Postman to invoke API calls to test the interface. Postman was developed specially for API testing and is fairy easy to use and allows to invoke single API calls, but also allows creating test scripts and suites.

Example of a call and a response:

  • Request URL: http://localhost:8080/fcpadministrationservice/api/v1/me/vehicles
  • Request Method: GET
  • Status Code: 200 OK
  • Response Body: [{“id”:”5e1e3″,”car”:”Fiat”,”lp”:”1-ABC-123″}{“id”:”5e3a4″,”car”:”Fiat”,”lp”:”1-DEF-456″}]

API Test Cases

Here is an list of the common tests I perform on APIs:

  • Verify whether the return value is based on input condition.
  • Verify whether the return status is as expected (Pass/Fail, Created/Deleted/Edited, Response body, Response code, Error message …)
  • Verify whether the system is authenticating the outcome when the API is updating any data structure
  • Verify whether the API triggers some other event or request another API

Testing approach

First make sure to understand the functionality of the API program and clearly define the scope of the program.

Then apply testing techniques such as equivalence classes, boundary value analysis, and error guessing and write test cases for the API.

Make sure to define the Input Parameters for the API appropriately.

And finally execute the test cases and compare expected and actual results.


Making sure to have a good test coverage taking care of Parameter Combination, Parameter Selection, and Call Sequencing

Since there is no GUI available to test the application can make it difficult to give input values

Validating and Verifying the output in a non GUI environment can prove difficult for testers, but can be automated.


The API consists of a set of classes/functions/procedures which represent the business logic layer. If this layer is not tested properly, it may cause problems not only within the API application but also in the calling application. It is an indispensable test in software engineering when using APIs.

Testing an API will be fairly easy to automate (surely compared to testing a GUI), and once tested, it doesn’t matter how many clients make use of the API (e.g. website, app …) they will all use the same tested interface.